The Trusted Network Initiative is not just about who the user is, but their devices too -- and how we can only allow access to devices with up-to-date security patches and without any known Trojans and malware.

IT security used to be a matter of securing the organization, but with more and more components of the organization outsourced to strategic partners, each given access to important information, it is now a matter of being able to trust these partners.

Hence the need for ISO17799, which first segregates data (for example, it ensures that the outsourcing partner with access to accounts receivable does not have access to accounts payable) and ensures that their security protocols are up to date. Indeed, with today's extended enterprise, even customers who have access to our systems need to be trusted and have adequate security of their own.